Opting out of data collection should be user choice

In an effort to improve mobile data protection, one U.S. representative has proposed a new law that would allow users to more effectively regulate the volume and variety of personal information collected by application developers and advertising partners. According to CIO.com, representative Hank Johnson, who is a Democrat from Georgia, drafted and proposed the Application Privacy, Protection, and Security (APPS) Act.

The proposed legislation would require app developers to give users notice of what kind of information they collect and have to get consent before collecting any kind of personal data. In addition to this, users would be able to request that all previously collected data be deleted once they decide to deprovision the app and/or terminate their service subscriptions.

“For purposes of this Act, if the developer of a mobile application allows a third party to access personal data collected by the application, such personal data shall be considered to be shared with the third party, whether or not such personal data are first transmitted to the developer,” the proposed bill said in one of the stipulations.

Johnson said that because the feedback from the public that was received on the bill was strong on transparency, security and control by users, they included all of this in the bill as much as possible. He collected opinions on what users wanted via AppRights.us and said provisions were written into the bill to address concerns without threatening functionality of the apps. While CIO said this proposal has not yet been formally addressed as legislation, it says that the U.S. Federal Trade Commission would be the body enforcing app privacy rules, with state attorney generals being able to bring civil lawsuits against app companies that violate the rules.

The website quoted Steve DelBianco, executive director of the NetChoice e-commerce trade group, who said lawmakers needed to give time for the U.S. National Telecommunications and Information Administration to develop recommendations from their meetings.

“We have been at this for six months, and have some ways yet to go,” DelBianco said in an email to CIO.com. “So I hope the congressman will hold his bill until our multi-stakeholder process proves it can generate consensus best practices.”

EU wants more app security as well
In the European Union, Telecom Lead said an Accountability Framework to address protection has been introduced that calls for greater accountability of app privacy. Tom Phillips, chief government and regulatory affairs officer of the GSMA said they were the first to address challenges and believe that if this is adopted across the EU’s mobile ecosystem, there would be more consistency and protection for people who have mobile for personal and business use. Stephen Deadman, group privacy officer for Vodafone, was also quoted by the website, agreeing with Phillips.

“Accountability forms an essential element in Vodafone’s privacy program, and in ensuring privacy-by-design in our app development process,” he said. “These principles will help companies across the ecosystem create the internal governance and assurance processes to ensure the guidelines are effectively implemented and deliver better privacy experiences for mobile users in practice.”

Telecom lead also quoted Hannes Ametsreiter, CEO of Telekom Austria Group, who said this mobile data protection law could be an important step for mobile, social media and cloud networks where there is a growing concern for personal data protection. He said apps from his company have a high level of privacy, but this is a growing concern across the industry.